# {{output.header}}
# {{{output.link}}}
{{#if form.hsts}}
<VirtualHost *:80>
    RewriteEngine On
    RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]
</VirtualHost>

{{/if}}
<VirtualHost *:443>
    SSLEngine on
    SSLWallet               /path/to/wallet
{{#if form.hsts}}

    # HTTP Strict Transport Security (mod_headers is required) ({{output.hstsMaxAge}} seconds)
    Header always set Strict-Transport-Security "max-age={{output.hstsMaxAge}}"
{{/if}}
</VirtualHost>

# {{form.config}} configuration
SSLProtocol             All {{#unless (includes "TLSv1" output.protocols)}}-TLSv1{{/unless}}{{#unless (includes "TLSv1.1" output.protocols)}} -TLSv1.1{{/unless}}
SSLCipherSuite          {{{join output.ciphers ":"}}}
SSLHonorCipherOrder     on
